Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

• A.Security policies are not applicable across all business units
• B.End users are not required to acknowledge security policy training
• C.The security policy has not been reviewed within the past year
• D.Security policy documents are available on a public domain website

Comment: *

Name: *

Email: *

Verification: *

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

• A.Sampling risk
• B.Detection risk
• C.Control risk
• D.Inherent risk

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to the effective management of an end user developed application?

• A.Stress testing the application through use of data outliers
• B.Implementing best practice folder structures
• C.Continuous monitoring to facilitate prompt escalation of issues
• D.Assigning risk ratings based on probability and impact

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing the security of a web-based customer relationship management (CRM) system that is directly accessed by customers via the Internet, which of the following should be a concern for the auditor?

• A.The system is hosted on an external third-party service provider's server.
• B.The system is hosted in a hybrid-cloud platform managed by a service provider.
• C.The system is hosted within a demilitarized zone (DMZ) of a corporate network.
• D.The system is hosted within an internal segment of a corporate network.

Comment: *

Name: *

Email: *

Verification: *

An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?

• A.Conduct security awareness training.
• B.Implement an acceptable use policy
• C.Configure users on the mobile device management (MDM) solution
• D.Create inventory records of personal devices

Comment: *

Name: *

Email: *

Verification: *